M&S Chaos: Leading British Retail Chain Attacked

Leading British retailer Marks & Spencer (M&S) has apologised to customers after a cyber incident affected contactless payments and the pick-up of online orders in its stores in recent days. M&S shoppers are facing further frustration at the checkout as the company struggles to recover from a cyber attack.

Customers began reporting problems on the weekend, with the retailer confirming on Tuesday 22nd April that it had suffered a damaging cyber attack. 

The incident began on Monday 21st April with contactless payments and click and collect orders affected in stores across the country. However, earlier there was a separate technical problem on Saturday 19th, which only affected contactless payments.

M&S has been forced to take some systems offline as part of its management of the attack. Many stores were cash only as the payments system was down. M&S said it had made the "decision to move some of our processes offline to protect our colleagues, partners, suppliers and our business". Stores remain open and customers could "continue to shop on our website and our app", the statement added.

However, there is still confusion on social media amongst M&S customers and the firm has responded to some posts on X in the past few hours advising customers that contactless payments can be taken in stores.

In expert comment, Jamie Moles, Senior Technical Manager at ExtraHop, said: “While we don't yet have the full details of the M&S cyber incident, the company's dedication to protecting the network highlights the critical importance of a modern network security strategy. Incidents like this demonstrate how essential it is to have real-time visibility, threat detection and rapid response capabilities across all digital infrastructure...

“Network visibility can play a pivotal role, helping organisations detect anomalies early, isolate potential threats and maintain service continuity,” Moles said.

M&S said it had reported the incident to the National Cyber Security Centre and hired cyber security experts to help investigate and manage the issue and was “taking actions to further protect our network” to ensure it could continue serving shoppers. 

@marksandspencer | Investegate | TechRadar | BBC | Guardian | Standard | ITPro
